Re-post - PUM.Disabled.SecurityCenter

domer7 · May 13, 2013

Maurice,

All three scans ran. Logs to follow.

TDSSKiller Log

10:25:39.0843 3036 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

10:25:40.0921 3036 ============================================================

10:25:40.0921 3036 Current date / time: 2013/05/13 10:25:40.0921

10:25:40.0921 3036 SystemInfo:

10:25:40.0921 3036

10:25:40.0921 3036 OS Version: 5.1.2600 ServicePack: 3.0

10:25:40.0921 3036 Product type: Workstation

10:25:40.0921 3036 ComputerName: HOMEMAIN

10:25:40.0921 3036 UserName: Steve & Anita

10:25:40.0921 3036 Windows directory: C:\WINDOWS

10:25:40.0921 3036 System windows directory: C:\WINDOWS

10:25:40.0921 3036 Processor architecture: Intel x86

10:25:40.0921 3036 Number of processors: 1

10:25:40.0921 3036 Page size: 0x1000

10:25:40.0921 3036 Boot type: Normal boot

10:25:40.0921 3036 ============================================================

10:25:43.0015 3036 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:25:43.0015 3036 ============================================================

10:25:43.0015 3036 \Device\Harddisk0\DR0:

10:25:43.0015 3036 MBR partitions:

10:25:43.0015 3036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1

10:25:43.0015 3036 ============================================================

10:25:43.0062 3036 C: <-> \Device\Harddisk0\DR0\Partition1

10:25:43.0062 3036 ============================================================

10:25:43.0062 3036 Initialize success

10:25:43.0062 3036 ============================================================

10:25:45.0500 2536 ============================================================

10:25:45.0500 2536 Scan started

10:25:45.0500 2536 Mode: Manual;

10:25:45.0500 2536 ============================================================

10:25:46.0437 2536 ================ Scan system memory ========================

10:25:46.0437 2536 System memory - ok

10:25:46.0453 2536 ================ Scan services =============================

10:25:46.0671 2536 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys

10:25:46.0671 2536 61883 - ok

10:25:46.0703 2536 Abiosdsk - ok

10:25:46.0734 2536 abp480n5 - ok

10:25:46.0812 2536 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:25:46.0812 2536 ACPI - ok

10:25:46.0875 2536 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

10:25:46.0875 2536 ACPIEC - ok

10:25:46.0984 2536 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

10:25:47.0000 2536 AdobeFlashPlayerUpdateSvc - ok

10:25:47.0031 2536 adpu160m - ok

10:25:47.0093 2536 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

10:25:47.0093 2536 aec - ok

10:25:47.0171 2536 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys

10:25:47.0171 2536 Afc - ok

10:25:47.0218 2536 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

10:25:47.0218 2536 AFD - ok

10:25:47.0265 2536 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys

10:25:47.0265 2536 AFS2K - ok

10:25:47.0312 2536 Aha154x - ok

10:25:47.0343 2536 aic78u2 - ok

10:25:47.0375 2536 aic78xx - ok

10:25:47.0437 2536 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS

10:25:47.0437 2536 ALCXSENS - ok

10:25:47.0500 2536 [ 9A6A99F0D75B457E3A2267776EBE9F47 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS

10:25:47.0515 2536 ALCXWDM - ok

10:25:47.0578 2536 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

10:25:47.0593 2536 Alerter - ok

10:25:47.0656 2536 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

10:25:47.0656 2536 ALG - ok

10:25:47.0687 2536 AliIde - ok

10:25:47.0718 2536 amsint - ok

10:25:48.0093 2536 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:25:48.0093 2536 Apple Mobile Device - ok

10:25:48.0171 2536 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

10:25:48.0171 2536 Arp1394 - ok

10:25:48.0203 2536 asc - ok

10:25:48.0234 2536 asc3350p - ok

10:25:48.0250 2536 asc3550 - ok

10:25:48.0421 2536 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

10:25:48.0421 2536 aspnet_state - ok

10:25:48.0468 2536 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:25:48.0468 2536 AsyncMac - ok

10:25:48.0531 2536 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

10:25:48.0531 2536 atapi - ok

10:25:48.0562 2536 Atdisk - ok

10:25:48.0640 2536 [ A2EAEB497CA29ECAEAF0DF66AD85C57D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

10:25:48.0656 2536 Ati HotKey Poller - ok

10:25:48.0750 2536 [ 312A17DFF710A0F4E6D4DD1D52EAD1A8 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe

10:25:48.0750 2536 ATI Smart - ok

10:25:48.0859 2536 [ 492BD2A5F65F218D4EDE5764A3BB67E9 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

10:25:48.0890 2536 ati2mtag - ok

10:25:48.0953 2536 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:25:48.0953 2536 Atmarpc - ok

10:25:48.0984 2536 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

10:25:49.0000 2536 AudioSrv - ok

10:25:49.0046 2536 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

10:25:49.0046 2536 audstub - ok

10:25:49.0171 2536 [ 2843669C89A00950195F51DBB5DB0B8E ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

10:25:49.0187 2536 Automatic LiveUpdate Scheduler - ok

10:25:49.0250 2536 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys

10:25:49.0250 2536 Avc - ok

10:25:49.0328 2536 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

10:25:49.0328 2536 Beep - ok

10:25:49.0546 2536 [ 89BF5550E4FC31E3FE728E68C558BF10 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20130502.001\BHDrvx86.sys

10:25:49.0593 2536 BHDrvx86 - ok

10:25:49.0687 2536 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

10:25:49.0781 2536 BITS - ok

10:25:49.0906 2536 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

10:25:49.0921 2536 Bonjour Service - ok

10:25:49.0984 2536 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

10:25:49.0984 2536 Browser - ok

10:25:50.0093 2536 catchme - ok

10:25:50.0140 2536 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

10:25:50.0140 2536 cbidf2k - ok

10:25:50.0187 2536 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

10:25:50.0187 2536 CCDECODE - ok

10:25:50.0312 2536 [ 2F237AAB91497AAA03AF48EAE68758FC ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

10:25:50.0312 2536 ccEvtMgr - ok

10:25:50.0343 2536 [ 2F237AAB91497AAA03AF48EAE68758FC ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

10:25:50.0343 2536 ccSetMgr - ok

10:25:50.0375 2536 cd20xrnt - ok

10:25:50.0437 2536 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

10:25:50.0437 2536 Cdaudio - ok

10:25:50.0500 2536 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

10:25:50.0500 2536 Cdfs - ok

10:25:50.0546 2536 Cdr4_xp - ok

10:25:50.0578 2536 Cdralw2k - ok

10:25:50.0625 2536 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:25:50.0625 2536 Cdrom - ok

10:25:50.0671 2536 [ F6A0F51706CB4B0D5B8718FF69F831BA ] Cinemsup C:\WINDOWS\system32\drivers\Cinemsup.sys

10:25:50.0671 2536 Cinemsup - ok

10:25:50.0734 2536 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

10:25:50.0734 2536 CiSvc - ok

10:25:50.0765 2536 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

10:25:50.0765 2536 ClipSrv - ok

10:25:50.0828 2536 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:25:50.0890 2536 clr_optimization_v2.0.50727_32 - ok

10:25:50.0921 2536 CmdIde - ok

10:25:50.0953 2536 COMSysApp - ok

10:25:51.0015 2536 Cpqarray - ok

10:25:51.0062 2536 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

10:25:51.0078 2536 CryptSvc - ok

10:25:51.0093 2536 dac2w2k - ok

10:25:51.0125 2536 dac960nt - ok

10:25:51.0234 2536 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

10:25:51.0234 2536 DcomLaunch - ok

10:25:51.0281 2536 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

10:25:51.0281 2536 Dhcp - ok

10:25:51.0328 2536 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

10:25:51.0328 2536 Disk - ok

10:25:51.0359 2536 dmadmin - ok

10:25:51.0437 2536 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

10:25:51.0453 2536 dmboot - ok

10:25:51.0500 2536 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

10:25:51.0500 2536 dmio - ok

10:25:51.0546 2536 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

10:25:51.0546 2536 dmload - ok

10:25:51.0609 2536 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

10:25:51.0609 2536 dmserver - ok

10:25:51.0656 2536 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

10:25:51.0656 2536 DMusic - ok

10:25:51.0734 2536 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

10:25:51.0734 2536 Dnscache - ok

10:25:51.0796 2536 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

10:25:51.0796 2536 Dot3svc - ok

10:25:51.0843 2536 dpti2o - ok

10:25:51.0890 2536 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

10:25:51.0890 2536 drmkaud - ok

10:25:51.0968 2536 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

10:25:51.0968 2536 EapHost - ok

10:25:52.0031 2536 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

10:25:52.0031 2536 eeCtrl - ok

10:25:52.0109 2536 [ B4556F3D468C8DCB0B259D9D866CD4C4 ] enodpl C:\WINDOWS\system32\drivers\enodpl.sys

10:25:52.0109 2536 enodpl - ok

10:25:52.0187 2536 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

10:25:52.0187 2536 EraserUtilRebootDrv - ok

10:25:52.0250 2536 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

10:25:52.0250 2536 ERSvc - ok

10:25:52.0343 2536 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

10:25:52.0359 2536 Eventlog - ok

10:25:52.0437 2536 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll

10:25:52.0437 2536 EventSystem - ok

10:25:52.0500 2536 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

10:25:52.0500 2536 Fastfat - ok

10:25:52.0562 2536 [ 3ACBC73531DEDD69837FE73B1623D49C ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

10:25:52.0578 2536 fasttx2k - ok

10:25:52.0656 2536 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

10:25:52.0656 2536 FastUserSwitchingCompatibility - ok

10:25:52.0703 2536 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

10:25:52.0703 2536 Fdc - ok

10:25:52.0734 2536 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

10:25:52.0734 2536 Fips - ok

10:25:52.0781 2536 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:25:52.0781 2536 Flpydisk - ok

10:25:52.0812 2536 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

10:25:52.0828 2536 FltMgr - ok

10:25:52.0906 2536 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

10:25:52.0906 2536 FontCache3.0.0.0 - ok

10:25:52.0937 2536 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:25:52.0937 2536 Fs_Rec - ok

10:25:53.0015 2536 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:25:53.0015 2536 Ftdisk - ok

10:25:53.0031 2536 [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

10:25:53.0031 2536 gagp30kx - ok

10:25:53.0093 2536 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

10:25:53.0093 2536 GEARAspiWDM - ok

10:25:53.0156 2536 [ B6E01969246FCB67470E87E6957EE147 ] GEARSecurity C:\WINDOWS\System32\GEARSec.exe

10:25:53.0156 2536 GEARSecurity - ok

10:25:53.0203 2536 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:25:53.0218 2536 Gpc - ok

10:25:53.0328 2536 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

10:25:53.0328 2536 gupdate - ok

10:25:53.0343 2536 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

10:25:53.0359 2536 gupdatem - ok

10:25:53.0453 2536 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

10:25:53.0453 2536 helpsvc - ok

10:25:53.0515 2536 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

10:25:53.0515 2536 HidServ - ok

10:25:53.0578 2536 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:25:53.0578 2536 HidUsb - ok

10:25:53.0625 2536 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

10:25:53.0625 2536 hkmsvc - ok

10:25:53.0656 2536 hpn - ok

10:25:53.0718 2536 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

10:25:53.0718 2536 HTTP - ok

10:25:53.0765 2536 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

10:25:53.0781 2536 HTTPFilter - ok

10:25:53.0812 2536 i2omp - ok

10:25:53.0843 2536 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:25:53.0843 2536 i8042prt - ok

10:25:53.0968 2536 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

10:25:53.0968 2536 IDriverT - ok

10:25:54.0078 2536 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:25:54.0109 2536 idsvc - ok

10:25:54.0250 2536 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20130510.001\IDSxpx86.sys

10:25:54.0250 2536 IDSxpx86 - ok

10:25:54.0312 2536 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

10:25:54.0312 2536 Imapi - ok

10:25:54.0375 2536 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

10:25:54.0375 2536 ImapiService - ok

10:25:54.0421 2536 ini910u - ok

10:25:54.0468 2536 IntelIde - ok

10:25:54.0515 2536 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys

10:25:54.0515 2536 ip6fw - ok

10:25:54.0578 2536 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:25:54.0578 2536 IpFilterDriver - ok

10:25:54.0656 2536 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:25:54.0656 2536 IpInIp - ok

10:25:54.0703 2536 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:25:54.0703 2536 IpNat - ok

10:25:54.0765 2536 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

10:25:54.0781 2536 iPod Service - ok

10:25:54.0812 2536 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:25:54.0828 2536 IPSec - ok

10:25:54.0859 2536 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

10:25:54.0859 2536 IRENUM - ok

10:25:54.0921 2536 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:25:54.0921 2536 isapnp - ok

10:25:54.0968 2536 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:25:54.0968 2536 Kbdclass - ok

10:25:55.0015 2536 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

10:25:55.0015 2536 kmixer - ok

10:25:55.0062 2536 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

10:25:55.0062 2536 KSecDD - ok

10:25:55.0109 2536 [ 0C6E346CDE730CF1356DD69AD6E9BC42 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

10:25:55.0109 2536 L8042Kbd - ok

10:25:55.0156 2536 [ 20C919B52897B72EBCB2AD2FC29D8EF0 ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

10:25:55.0156 2536 L8042mou - ok

10:25:55.0203 2536 [ A006D66EDB128FB9AB940A903FDF792E ] L8042pr2 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys

10:25:55.0203 2536 L8042pr2 - ok

10:25:55.0265 2536 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

10:25:55.0281 2536 lanmanserver - ok

10:25:55.0328 2536 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

10:25:55.0343 2536 lanmanworkstation - ok

10:25:55.0406 2536 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

10:25:55.0406 2536 LHidFilt - ok

10:25:55.0453 2536 [ 31B582394DA3290DFF300F10952E9A4D ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

10:25:55.0453 2536 LHidKe - ok

10:25:55.0500 2536 [ CBD1C6BFF70E170CEC6E1502E7FCFEF6 ] LHidUsbK C:\WINDOWS\system32\Drivers\LHidUsbK.Sys

10:25:55.0500 2536 LHidUsbK - ok

10:25:55.0671 2536 [ 36375738DC0B3CD1F764268008E74FDF ] LiveUpdate C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

10:25:55.0750 2536 LiveUpdate - ok

10:25:55.0812 2536 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

10:25:55.0812 2536 LmHosts - ok

10:25:55.0859 2536 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

10:25:55.0859 2536 LMouFilt - ok

10:25:55.0890 2536 [ 03ABEF1A29ADDC98C32ED0F336B98E90 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys

10:25:55.0921 2536 LMouFlt2 - ok

10:25:55.0968 2536 [ 90A794D0A0BF3531C4BA1C0510449629 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

10:25:55.0968 2536 LMouKE - ok

10:25:56.0015 2536 [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

10:25:56.0031 2536 LUsbFilt - ok

10:25:56.0093 2536 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

10:25:56.0093 2536 MBAMProtector - ok

10:25:56.0265 2536 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

10:25:56.0265 2536 MBAMScheduler - ok

10:25:56.0375 2536 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

10:25:56.0406 2536 MBAMService - ok

10:25:56.0546 2536 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe

10:25:56.0562 2536 McciCMService - ok

10:25:56.0609 2536 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

10:25:56.0625 2536 Messenger - ok

10:25:56.0656 2536 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

10:25:56.0656 2536 mnmdd - ok

10:25:56.0703 2536 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe

10:25:56.0703 2536 mnmsrvc - ok

10:25:56.0750 2536 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

10:25:56.0750 2536 Modem - ok

10:25:56.0781 2536 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:25:56.0781 2536 Mouclass - ok

10:25:56.0843 2536 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:25:56.0843 2536 mouhid - ok

10:25:56.0875 2536 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

10:25:56.0875 2536 MountMgr - ok

10:25:56.0906 2536 mraid35x - ok

10:25:56.0968 2536 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

10:25:56.0968 2536 MREMP50 - ok

10:25:56.0984 2536 MREMPR5 - ok

10:25:57.0015 2536 MRENDIS5 - ok

10:25:57.0062 2536 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

10:25:57.0062 2536 MRESP50 - ok

10:25:57.0093 2536 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:25:57.0093 2536 MRxDAV - ok

10:25:57.0187 2536 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:25:57.0187 2536 MRxSmb - ok

10:25:57.0250 2536 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe

10:25:57.0250 2536 MSDTC - ok

10:25:57.0296 2536 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys

10:25:57.0296 2536 MSDV - ok

10:25:57.0328 2536 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

10:25:57.0328 2536 Msfs - ok

10:25:57.0359 2536 MSIServer - ok

10:25:57.0406 2536 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:25:57.0406 2536 MSKSSRV - ok

10:25:57.0421 2536 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:25:57.0421 2536 MSPCLOCK - ok

10:25:57.0453 2536 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

10:25:57.0453 2536 MSPQM - ok

10:25:57.0484 2536 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:25:57.0484 2536 mssmbios - ok

10:25:57.0531 2536 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

10:25:57.0531 2536 MSTEE - ok

10:25:57.0625 2536 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

10:25:57.0625 2536 Mup - ok

10:25:57.0671 2536 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

10:25:57.0671 2536 NABTSFEC - ok

10:25:57.0718 2536 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

10:25:57.0718 2536 napagent - ok

10:25:57.0843 2536 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20130513.004\NAVENG.SYS

10:25:57.0859 2536 NAVENG - ok

10:25:57.0953 2536 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20130513.004\NAVEX15.SYS

10:25:57.0984 2536 NAVEX15 - ok

10:25:58.0062 2536 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

10:25:58.0078 2536 NDIS - ok

10:25:58.0125 2536 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

10:25:58.0125 2536 NdisIP - ok

10:25:58.0187 2536 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:25:58.0187 2536 NdisTapi - ok

10:25:58.0218 2536 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:25:58.0218 2536 Ndisuio - ok

10:25:58.0265 2536 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:25:58.0265 2536 NdisWan - ok

10:25:58.0312 2536 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

10:25:58.0312 2536 NDProxy - ok

10:25:58.0375 2536 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

10:25:58.0375 2536 NetBIOS - ok

10:25:58.0421 2536 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

10:25:58.0421 2536 NetBT - ok

10:25:58.0468 2536 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

10:25:58.0484 2536 NetDDE - ok

10:25:58.0515 2536 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

10:25:58.0515 2536 NetDDEdsdm - ok

10:25:58.0578 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

10:25:58.0578 2536 Netlogon - ok

10:25:58.0656 2536 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

10:25:58.0671 2536 Netman - ok

10:25:58.0734 2536 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:25:58.0734 2536 NetTcpPortSharing - ok

10:25:58.0765 2536 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

10:25:58.0765 2536 NIC1394 - ok

10:25:58.0937 2536 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

10:25:58.0937 2536 NIS - ok

10:25:58.0984 2536 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

10:25:58.0984 2536 Nla - ok

10:25:59.0140 2536 [ F7EAEF08E80717E70D00A7E1DA9E9EE9 ] Norton Ghost C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

10:25:59.0203 2536 Norton Ghost - ok

10:25:59.0281 2536 [ 57883A0C8AB1D93FCE74D79B5FE8B4FF ] NPDriver C:\WINDOWS\system32\Drivers\NPDRIVER.SYS

10:25:59.0281 2536 NPDriver - ok

10:25:59.0312 2536 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

10:25:59.0312 2536 Npfs - ok

10:25:59.0437 2536 [ 45F8A227B4B2F94DEA5E9DA2347890C9 ] NProtectService C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

10:25:59.0437 2536 NProtectService - ok

10:25:59.0500 2536 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

10:25:59.0515 2536 Ntfs - ok

10:25:59.0578 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe

10:25:59.0578 2536 NtLmSsp - ok

10:25:59.0656 2536 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

10:25:59.0656 2536 NtmsSvc - ok

10:25:59.0718 2536 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

10:25:59.0718 2536 Null - ok

10:26:00.0109 2536 [ 7C56F3FD65B2BDB315CA3605A5392D7B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:26:00.0406 2536 nv - ok

10:26:00.0468 2536 [ 96F1A6F0A0D4F11047DF2F5C17C87E9D ] nvsvc C:\WINDOWS\system32\nvsvc32.exe

10:26:00.0484 2536 nvsvc - ok

10:26:00.0562 2536 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:26:00.0562 2536 NwlnkFlt - ok

10:26:00.0640 2536 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:26:00.0640 2536 NwlnkFwd - ok

10:26:00.0765 2536 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:26:00.0765 2536 odserv - ok

10:26:00.0843 2536 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

10:26:00.0843 2536 ohci1394 - ok

10:26:00.0921 2536 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:26:00.0937 2536 ose - ok

10:26:00.0984 2536 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

10:26:00.0984 2536 Parport - ok

10:26:01.0015 2536 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

10:26:01.0015 2536 PartMgr - ok

10:26:01.0078 2536 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

10:26:01.0078 2536 ParVdm - ok

10:26:01.0125 2536 [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot C:\WINDOWS\system32\drivers\pavboot.sys

10:26:01.0125 2536 pavboot - ok

10:26:01.0156 2536 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

10:26:01.0156 2536 PCI - ok

10:26:01.0187 2536 PCIDump - ok

10:26:01.0218 2536 PCIIde - ok

10:26:01.0250 2536 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

10:26:01.0250 2536 Pcmcia - ok

10:26:01.0281 2536 perc2 - ok

10:26:01.0312 2536 perc2hib - ok

10:26:01.0437 2536 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

10:26:01.0437 2536 PlugPlay - ok

10:26:01.0468 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

10:26:01.0468 2536 PolicyAgent - ok

10:26:01.0531 2536 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:26:01.0531 2536 PptpMiniport - ok

10:26:01.0578 2536 [ EE2FCC8ED392A6977118725EBA57DEEA ] PQIMount C:\WINDOWS\system32\drivers\PQIMount.sys

10:26:01.0578 2536 PQIMount - ok

10:26:01.0625 2536 [ 37EBF1B8AC2BE603E5BA08DBB3C113AB ] PQV2i C:\WINDOWS\system32\drivers\PQV2i.sys

10:26:01.0625 2536 PQV2i - ok

10:26:01.0656 2536 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

10:26:01.0656 2536 Processor - ok

10:26:01.0703 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

10:26:01.0703 2536 ProtectedStorage - ok

10:26:01.0750 2536 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

10:26:01.0750 2536 PSched - ok

10:26:01.0812 2536 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:26:01.0812 2536 Ptilink - ok

10:26:01.0875 2536 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:26:01.0875 2536 PxHelp20 - ok

10:26:01.0906 2536 ql1080 - ok

10:26:01.0937 2536 Ql10wnt - ok

10:26:01.0968 2536 ql12160 - ok

10:26:02.0000 2536 ql1240 - ok

10:26:02.0031 2536 ql1280 - ok

10:26:02.0062 2536 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:26:02.0062 2536 RasAcd - ok

10:26:02.0109 2536 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

10:26:02.0109 2536 RasAuto - ok

10:26:02.0140 2536 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:26:02.0156 2536 Rasl2tp - ok

10:26:02.0218 2536 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

10:26:02.0218 2536 RasMan - ok

10:26:02.0265 2536 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:26:02.0265 2536 RasPppoe - ok

10:26:02.0296 2536 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

10:26:02.0296 2536 Raspti - ok

10:26:02.0359 2536 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:26:02.0359 2536 Rdbss - ok

10:26:02.0406 2536 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:26:02.0421 2536 RDPCDD - ok

10:26:02.0500 2536 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

10:26:02.0500 2536 RDPWD - ok

10:26:02.0531 2536 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

10:26:02.0546 2536 RDSessMgr - ok

10:26:02.0593 2536 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

10:26:02.0593 2536 redbook - ok

10:26:02.0656 2536 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

10:26:02.0656 2536 RemoteAccess - ok

10:26:02.0718 2536 [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys

10:26:02.0718 2536 Revoflt - ok

10:26:02.0765 2536 Roxio UPnP Renderer 9 - ok

10:26:02.0796 2536 Roxio Upnp Server 9 - ok

10:26:02.0843 2536 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe

10:26:02.0859 2536 RpcLocator - ok

10:26:02.0921 2536 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

10:26:02.0921 2536 RpcSs - ok

10:26:03.0015 2536 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe

10:26:03.0015 2536 RSVP - ok

10:26:03.0062 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

10:26:03.0062 2536 SamSs - ok

10:26:03.0203 2536 [ 5C050421610589F35DBA31E2489FBE43 ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe

10:26:03.0203 2536 SandraAgentSrv - ok

10:26:03.0296 2536 [ F903A77DFEACFFC044F64E1EA2106950 ] SandraDataSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe

10:26:03.0296 2536 SandraDataSrv - ok

10:26:03.0359 2536 [ 446DC8347364C6D1DD09EDC7463B1633 ] SandraTheSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe

10:26:03.0406 2536 SandraTheSrv - ok

10:26:03.0468 2536 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

10:26:03.0468 2536 SCardSvr - ok

10:26:03.0546 2536 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

10:26:03.0562 2536 Schedule - ok

10:26:03.0640 2536 [ AC2E5FA94155BC0C4C7AB8F97E181F6F ] SDdriver C:\WINDOWS\system32\Drivers\sddriver.sys

10:26:03.0656 2536 SDdriver - ok

10:26:03.0718 2536 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:26:03.0718 2536 Secdrv - ok

10:26:03.0781 2536 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

10:26:03.0781 2536 seclogon - ok

10:26:03.0812 2536 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

10:26:03.0828 2536 SENS - ok

10:26:03.0875 2536 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

10:26:03.0890 2536 serenum - ok

10:26:03.0937 2536 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

10:26:03.0953 2536 Serial - ok

10:26:04.0015 2536 [ 1F16931C722C69E4A7866244796C66A0 ] sermouse C:\WINDOWS\system32\DRIVERS\sermouse.sys

10:26:04.0015 2536 sermouse - ok

10:26:04.0093 2536 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

10:26:04.0093 2536 Sfloppy - ok

10:26:04.0156 2536 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

10:26:04.0171 2536 SharedAccess - ok

10:26:04.0234 2536 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

10:26:04.0234 2536 ShellHWDetection - ok

10:26:04.0265 2536 Simbad - ok

10:26:04.0296 2536 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:26:04.0296 2536 SLIP - ok

10:26:04.0359 2536 [ DFADFC2C86662F40759BF02ADD27D569 ] sonypvs1 C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

10:26:04.0359 2536 sonypvs1 - ok

10:26:04.0390 2536 Sparrow - ok

10:26:04.0468 2536 [ DC4DC886D3779C446F9B0E9D6B006E72 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

10:26:04.0484 2536 SPBBCDrv - ok

10:26:04.0609 2536 [ 0C93E17E0575C9721085D4F7457F2F80 ] Speed Disk service C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

10:26:04.0625 2536 Speed Disk service - ok

10:26:04.0640 2536 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

10:26:04.0640 2536 splitter - ok

10:26:04.0703 2536 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

10:26:04.0718 2536 Spooler - ok

10:26:04.0765 2536 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

10:26:04.0796 2536 sr - ok

10:26:04.0843 2536 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

10:26:04.0859 2536 srservice - ok

10:26:04.0937 2536 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1207020.003\SRTSP.SYS

10:26:04.0953 2536 SRTSP - ok

10:26:04.0984 2536 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1207020.003\SRTSPX.SYS

10:26:04.0984 2536 SRTSPX - ok

10:26:05.0078 2536 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

10:26:05.0078 2536 Srv - ok

10:26:05.0140 2536 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

10:26:05.0140 2536 SSDPSRV - ok

10:26:05.0203 2536 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

10:26:05.0218 2536 stisvc - ok

10:26:05.0281 2536 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:26:05.0281 2536 streamip - ok

10:26:05.0328 2536 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

10:26:05.0328 2536 swenum - ok

10:26:05.0375 2536 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

10:26:05.0375 2536 swmidi - ok

10:26:05.0406 2536 SwPrv - ok

10:26:05.0609 2536 [ 438FAFE708C93B2236FC26B6F2BD5FD0 ] Symantec Core LC C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

10:26:05.0640 2536 Symantec Core LC - ok

10:26:05.0750 2536 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

10:26:05.0765 2536 Symantec RemoteAssist - ok

10:26:05.0796 2536 symc810 - ok

10:26:05.0828 2536 symc8xx - ok

10:26:05.0875 2536 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMDS.SYS

10:26:05.0890 2536 SymDS - ok

10:26:05.0968 2536 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\WINDOWS\system32\drivers\NIS\1207020.003\SYMEFA.SYS

10:26:05.0984 2536 SymEFA - ok

10:26:06.0031 2536 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

10:26:06.0031 2536 SymEvent - ok

10:26:06.0062 2536 SYMFW - ok

10:26:06.0093 2536 SYMIDS - ok

10:26:06.0125 2536 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\WINDOWS\system32\drivers\NIS\1207020.003\Ironx86.SYS

10:26:06.0125 2536 SymIRON - ok

10:26:06.0187 2536 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:\WINDOWS\system32\drivers\symlcbrd.sys

10:26:06.0187 2536 symlcbrd - ok

10:26:06.0218 2536 SYMNDIS - ok

10:26:06.0281 2536 [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1207020.003\SYMTDI.SYS

10:26:06.0296 2536 SYMTDI - ok

10:26:06.0328 2536 sym_hi - ok

10:26:06.0359 2536 sym_u3 - ok

10:26:06.0406 2536 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

10:26:06.0406 2536 sysaudio - ok

10:26:06.0484 2536 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

10:26:06.0484 2536 SysmonLog - ok

10:26:06.0562 2536 [ 126D7B3B4C7B724491C604060E1F4E14 ] tandpl C:\WINDOWS\system32\drivers\tandpl.sys

10:26:06.0562 2536 tandpl - ok

10:26:06.0625 2536 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

10:26:06.0640 2536 TapiSrv - ok

10:26:06.0718 2536 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:26:06.0734 2536 Tcpip - ok

10:26:06.0781 2536 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

10:26:06.0781 2536 TDPIPE - ok

10:26:06.0812 2536 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

10:26:06.0812 2536 TDTCP - ok

10:26:06.0859 2536 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

10:26:06.0859 2536 TermDD - ok

10:26:06.0906 2536 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

10:26:06.0906 2536 TermService - ok

10:26:06.0937 2536 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

10:26:06.0937 2536 Themes - ok

10:26:06.0968 2536 TosIde - ok

10:26:07.0015 2536 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

10:26:07.0015 2536 TrkWks - ok

10:26:07.0046 2536 UDFReadr - ok

10:26:07.0078 2536 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

10:26:07.0093 2536 Udfs - ok

10:26:07.0109 2536 ultra - ok

10:26:07.0171 2536 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

10:26:07.0171 2536 Update - ok

10:26:07.0218 2536 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

10:26:07.0234 2536 upnphost - ok

10:26:07.0265 2536 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

10:26:07.0281 2536 UPS - ok

10:26:07.0328 2536 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

10:26:07.0328 2536 USBAAPL - ok

10:26:07.0375 2536 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

10:26:07.0375 2536 usbaudio - ok

10:26:07.0406 2536 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:26:07.0406 2536 usbccgp - ok

10:26:07.0437 2536 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:26:07.0437 2536 usbehci - ok

10:26:07.0468 2536 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:26:07.0468 2536 usbhub - ok

10:26:07.0515 2536 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:26:07.0515 2536 usbprint - ok

10:26:07.0562 2536 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:26:07.0562 2536 usbscan - ok

10:26:07.0593 2536 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys

10:26:07.0593 2536 usbser - ok

10:26:07.0640 2536 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:26:07.0640 2536 USBSTOR - ok

10:26:07.0687 2536 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:26:07.0687 2536 usbuhci - ok

10:26:07.0734 2536 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

10:26:07.0734 2536 VgaSave - ok

10:26:07.0781 2536 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

10:26:07.0781 2536 ViaIde - ok

10:26:07.0828 2536 [ EBE101C01D80A42868F57B327BE1B564 ] viasraid C:\WINDOWS\system32\drivers\viasraid.sys

10:26:07.0843 2536 viasraid - ok

10:26:07.0859 2536 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

10:26:07.0875 2536 VolSnap - ok

10:26:07.0906 2536 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

10:26:07.0921 2536 VSS - ok

10:26:07.0984 2536 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

10:26:07.0984 2536 W32Time - ok

10:26:08.0062 2536 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:26:08.0062 2536 Wanarp - ok

10:26:08.0156 2536 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

10:26:08.0171 2536 Wdf01000 - ok

10:26:08.0187 2536 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

10:26:08.0203 2536 wdmaud - ok

10:26:08.0234 2536 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

10:26:08.0234 2536 WebClient - ok

10:26:08.0343 2536 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

10:26:08.0359 2536 winmgmt - ok

10:26:08.0437 2536 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

10:26:08.0437 2536 WmdmPmSN - ok

10:26:08.0515 2536 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe

10:26:08.0515 2536 WmiApSrv - ok

10:26:08.0640 2536 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

10:26:08.0671 2536 WMPNetworkSvc - ok

10:26:08.0687 2536 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys

10:26:08.0687 2536 WpdUsb - ok

10:26:08.0734 2536 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:26:08.0734 2536 WS2IFSL - ok

10:26:08.0765 2536 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

10:26:08.0765 2536 wscsvc - ok

10:26:08.0796 2536 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:26:08.0812 2536 WSTCODEC - ok

10:26:08.0843 2536 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

10:26:08.0859 2536 wuauserv - ok

10:26:08.0937 2536 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:26:08.0937 2536 WudfPf - ok

10:26:08.0984 2536 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:26:08.0984 2536 WudfRd - ok

10:26:09.0031 2536 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

10:26:09.0031 2536 WudfSvc - ok

10:26:09.0125 2536 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

10:26:09.0125 2536 WZCSVC - ok

10:26:09.0187 2536 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

10:26:09.0250 2536 xmlprov - ok

10:26:09.0296 2536 [ A8D429E2268792638CFFC57552C5E736 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys

10:26:09.0296 2536 yukonwxp - ok

10:26:09.0359 2536 ================ Scan global ===============================

10:26:09.0375 2536 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

10:26:09.0468 2536 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

10:26:09.0500 2536 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

10:26:09.0546 2536 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

10:26:09.0546 2536 [Global] - ok

10:26:09.0562 2536 ================ Scan MBR ==================================

10:26:09.0578 2536 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

10:26:09.0796 2536 \Device\Harddisk0\DR0 - ok

10:26:09.0812 2536 ================ Scan VBR ==================================

10:26:09.0828 2536 [ 5AEB61215703A5CDD8634353567D8191 ] \Device\Harddisk0\DR0\Partition1

10:26:09.0828 2536 \Device\Harddisk0\DR0\Partition1 - ok

10:26:09.0828 2536 ============================================================

10:26:09.0828 2536 Scan finished

10:26:09.0828 2536 ============================================================

10:26:09.0875 2092 Detected object count: 0

10:26:09.0875 2092 Actual detected object count: 0

domer7 · May 13, 2013

aswMBR Log

Run date: 2013-05-13 10:21:25

-----------------------------

10:21:25.671 OS Version: Windows 5.1.2600 Service Pack 3

10:21:25.671 Number of processors: 1 586 0x1F00

10:21:25.671 ComputerName: HOMEMAIN UserName:

10:21:29.234 Initialize success

10:21:53.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

10:21:53.562 Disk 0 Vendor: WDC_WD1600JB-98GVC0 08.02D08 Size: 152627MB BusType: 3

10:21:53.687 Disk 0 MBR read successfully

10:21:53.687 Disk 0 MBR scan

10:21:53.687 Disk 0 Windows XP default MBR code

10:21:53.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63

10:21:53.703 Disk 0 scanning sectors +312560640

10:21:53.781 Disk 0 scanning C:\WINDOWS\system32\drivers

10:22:03.234 Service scanning

10:22:26.859 Modules scanning

10:22:36.265 Scan finished successfully

10:24:23.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve & Anita\Desktop\MBR.dat"

10:24:23.312 The log file has been saved successfully to "C:\Documents and Settings\Steve & Anita\Desktop\aswMBR log.txt"

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 05/13/2013 at 10:35:15.46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

domer7 · May 13, 2013

Regarding aswMBR Scan - Fix button NOT enabled

Fix MBR button WAS enabled

domer

Maurice Naggar · May 13, 2013

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a QUICK Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

domer7 · May 13, 2013

Maurice,

There was no option for Show Results after the MBAM scan.

Computer seems to be running very well. I have been on and off the internet many times today. Only the last time (prior to this session to post my response and log) did intrusion prevention get turned off in NIS without my initiating the action. I have not stayed on the internet for any lengthy period and do not leave my computer unattended when connected so I can monitor the intrusion protection switching. I don't want it to switch off then I am away for a long period.

MBAM log

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.13.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Steve & Anita :: HOMEMAIN [administrator]

Protection: Disabled

5/13/2013 3:37:39 PM

mbam-log-2013-05-13 (15-37-39).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 289234

Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Maurice Naggar · May 14, 2013

We are just about ready to do cleanups & to close this. But to address something you said before

It has been suggested I convert to Microsoft Security Essential as my AV protection. Is this the time to do it? I don't want to make too many changes until things are sorted out, but I don't know what is happening at this point.
domer

IF you want to switch away from Norton ....

Here's the first step(s) in switching from one antivirus program to another one. (keeping in mind you're on Windows XP)

1. Download and SAVE the new AV program. Do NOT install just yet.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Choose one of them.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

2. De-install the old program. use Control Panel >> Add-or-Remove Programs

3. Reboot system.

4. See this guide and then run the Uninstall tool for the old set.

http://experts.windo...s_wiki/156.aspx

Get & run the Norton product removal tool

Reason being, Norton/Symantec can leave behind some traces when removed.

5. Run the install/setup for the new antivirus.

6. Make sure you register with a legitimate email of yours, if requested. So you get notified on activation (if needed).

7. Logoff and restart Windows.

8. Bring up your new AV and do an UPDATE run to insure the new program is all up-to-date.

domer7 · May 14, 2013

Maurice,

The conversion to MSE is completed. Two things seemed different:

1. MSE did not recognize Windows Firewall was turned on.

2. Icons for runtime and aswMBR came up as Video CD files.

MSE performed an update after installation and a full scan after the update. There were no malicious items detected.

Other than that, things seems to be running smoothly.

domer

Maurice Naggar · May 14, 2013

Go to Control Panel >>>Security Center and make sure to turn ON the Windows firewall.

aswMBR we will delete as part of the tools-cleanup sequence. Explain to me, what is "runtime" ???

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or 8 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

domer7 · May 14, 2013

Maurice,

I did check Windows Firewall right away and it was checked as being on.

I thought the runtime icon was a log or remnant of one of the scans. It is not anything I remember running. It says it is a .dat file.

I just noticed something else had changed - MS Office Word was removed from the Desktop and when I click on the icon in my Start folder, it starts Windows Installer. I did not want to complete installation without asking first, so I hit cancel. Thoughts?

Should I run Farbar's Service Scanner first?

domer7 · May 14, 2013

Also, in the location on my desktop where the MS Word icon was there is now an Internet Explorer icon.

Maurice Naggar · May 14, 2013

Leave the "icons" alone.

Go ahead and get & run Farbar Service Scanner.

domer7 · May 14, 2013

Maurice,

After running the Scanner tool, i noticed the Security Center wscsvc notation. I went into the Windows Firewall and on the Exceptions Tab iTunes, Norton Removal Tool and Remote Assistance were checked. On the Advanced Tab I found the following message "The network connection settings have been corrupted. To fix this click Restore Defaults. This will delete all of your settings for Windows Firewall and may cause some programs to stop working." I did not make any changes.

Here is the Farbar log

Farbar Service Scanner Version: 14-04-2013

Ran by Steve & Anita (administrator) on 14-05-2013 at 13:53:52

Running from "C:\Documents and Settings\Steve & Anita\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x080000000500000001000000020000000300000004000000080000000600000007000000

IpSec Tag value is correct.

**** End of log ****

Maurice Naggar · May 14, 2013

Looking at my reply in post # 31, Did you get and run the Norton Product Removal tool ---- at # 4 in that list when I outlined how to switch antivirus?

Please let me know.

Download and SAVE to your system Desktop http://download.bleepingcomputer.com/win-services/xp/LEGACY_WSCSVC.reg

Download and SAVE to your system Desktop http://download.bleepingcomputer.com/win-services/xp/wscsvc.reg

Next, we need to merge the two registry files in Regedit.

go to Start, type in

REGEDIT

and press Enter-key

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in wscsvc.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in LEGACY_WSCSVC.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

Exit/close Regedit.

Logoff and Restart Windows fresh.

Go to Control Panel >>>Security Center and look carefully at status of the Windows firewall.

IF there's an issue, see if you can take a screen-capture and post that into a reply.

domer7 · May 15, 2013

Maurice.

I did download and use the Norton Product removal tool. Microsoft Security Essentials is running.

In trying to merge the two registry files, the first one imported OK. The second one did not and an error message popped up - Cannot Import LEGACY_WSCSVC.REG : Error accessing Registry.

Not sure what I should do next, but am out of REGEDIT. I could not attache the error message as I am unsure how to insert the PrintScreen capture without Word or Excel installed at the moment. Found out both had been deleted at some point today.

No change in Firewall Security Center settings as described in previous post.

domer

Maurice Naggar · May 15, 2013

OK. You can use ALT + Printscreen keys to get a screen capture, then start mspaint.exe to get to MS Paint and then do a CTRL+V to do a paste in there and then save the file as a GIF. Than attach here in a reply.

I doubt that Word or Excel are really deleted. My guess is that just the shortcuts are somehow "dinged".

You ought to still see your applications when you go to Start >> All Applications

Services Review

a) Make sure if you opened any apps of yours, that you Exit them.

b) Be sure you are logged in with Admistrator rights account.

c) From Start button, select RUN (or Win-key +R) and in the run-text-box type in

msconfig

and press OK or Enter.

d) You should see the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

e) Click on Services tab. To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

f) Look at the bottom line Hide all Microsoft services

IF and only IF its is checkmarked, then un-check it.

g) the list of servies may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

h) Then using the scroll-bar scroll down the list

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Security Center. Is it shown? Is it checked? If not, click on chekbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

When finished, Exit out of the services console.

Then report back here with details.

If any of the services are not shown, just let me know which. I can guide you to getting them "corrected".

Press Windows Start-key, select Control Panel, then Security Center. Expand the Security block (click the down arrow).

What does it show for Firewall? and other security related lines ?

domer7 · May 15, 2013

Maurice,

When I hit Apply, this WinPatrol ALert popped up - see attachment. I have not gone any further.

From your last request, here is information from msconfig:

Selective Startup was checked with the following services also checked -

Process SYSTEM.INI File

Process WIN.INI File

Load System Services

Load Startup Items

Button Enabled - Use Original BOOT.INI

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Checked but Stopped

Look for Security Center. Is it shown? Is it checked? If not, click on chekbox to checkmark. Not Listed

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Not Listed

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Not Listed

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Checked and Running

When done, press the Apply button, and the OK button.

WinPatrol Alert.bmp

Maurice Naggar · May 15, 2013

Please answer these questions:

1) Have you used in the past, at any time, any sort of registry cleaner, optimizer, etc and if so, tell me which and when.

2) Has WinPatrol been installed on this system the whole time since this case started?

3) Mobsync.exe is the Microsoft Synchronizatio Manager and is not harmful.

We need to get a couple of other registry entries for XP services.

Download and SAVE to your system Desktop http://download.bleepingcomputer.com/win-services/xp/SharedAccess.reg

Download and SAVE to your system Desktop http://download.bleepingcomputer.com/win-services/xp/MSIServer.reg

Next, we need to merge the two registry files in Regedit.

go to Start, type in

REGEDIT

and press Enter-key

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in SharedAccess.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in MSIServer.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

Exit/close Regedit.

Logoff and Restart Windows fresh.

Go to Control Panel >>>Security Center and look carefully at status of the Windows firewall.

domer7 · May 15, 2013

Maurice,

I have never used a registry cleaner or optimizer
I installed Win Patrol yesterday with Microsoft Security Essentials.
As the mobsync is not harmful, I will click on except change so I can log out of regedit and move on to next steps.

Regarding MS Word and Excel, the programs have not disappeared, however when I click on the item in the Start-All Programs option, Windows Installer starts up.

domer7 · May 15, 2013

regedit complete. No change in Firewall Settings. Attached screen shots of Exceptions and Advanced tabs. Firewall ON is enabled

Firewall Exceptions.bmp

Firewall Advanced.bmp

domer7 · May 16, 2013

Maurice,

I am going to be out of town starting tomorrow through next Monday, returning Tuesday. I will have one day to perform next steps then I will be gone for another 10 days. During the second absence, if there are still steps to accomplish, I will turn it over to my son - college senior and very capable of following directions, though not as computer knowledgeable. Your instructions and help have been very clear and your help has been very gracious and greatly appreciated. Please do not close the thread.

domer

Maurice Naggar · May 20, 2013

Hello domer,

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 or 8 Right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):

the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

domer7 · May 21, 2013

Thanks Maurice, I will be home tomorrow and have these steps completed by 2:00 pm PDT. domer

Maurice Naggar · May 21, 2013

OK. Will check back on you.

domer7 · May 21, 2013

Maurice,

Downloaded latest version of each program. OTL did not create an extras log

Security Check Log was blank.

Both programs had previous versions on my desktop.

OTL Log

OTL logfile created on: 5/21/2013 12:50:03 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve & Anita\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.60% Memory free

3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.41% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 87.99 Gb Free Space | 59.04% Space Free | Partition Type: NTFS

Computer Name: HOMEMAIN | User Name: Steve & Anita | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/21 12:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve & Anita\Desktop\OTL.exe

PRC - [2013/04/26 15:24:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/11/10 10:41:20 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/09 18:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)

SRV - [2013/05/15 10:46:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/08/24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)

SRV - [2007/02/27 17:20:22 | 001,204,416 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe -- (SandraTheSrv)

SRV - [2007/02/27 17:19:14 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe -- (SandraDataSrv)

SRV - [2004/11/10 10:41:20 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | System | Stopped] -- -- (UDFReadr)

DRV - File not found [File_System | Boot | Stopped] -- -- (PQV2i)

DRV - File not found [Kernel | System | Stopped] -- -- (PQIMount)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | System | Stopped] -- -- (Cdralw2k)

DRV - File not found [Kernel | System | Stopped] -- -- (Cdr4_xp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STEVE&~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2013/05/21 12:25:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FDE53EF9-88B3-4FD2-8002-BBFDFA3CB831}\MpKsl3b6072fd.sys -- (MpKsl3b6072fd)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)

DRV - [2009/08/14 06:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/08/14 06:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/05/20 16:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2005/05/20 16:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2005/05/20 16:01:00 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2005/05/20 16:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/18 16:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2004/03/19 05:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)

DRV - [2004/02/23 20:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)

DRV - [2003/10/31 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)

DRV - [2003/08/05 19:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)

DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)

DRV - [2003/03/04 02:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2003/03/04 02:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)

DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)

DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.focusonthefamily.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 A3 6F 2E 3C 3D CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {F1F5A2C9-FFD1-4C0F-A7FE-57135955C4EE}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\..\SearchScopes\{F1F5A2C9-FFD1-4C0F-A7FE-57135955C4EE}: "URL" = http://www.google.co...utputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Steve & Anita\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Steve & Anita\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/17 11:00:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Steve & Anita\Application Data\Move Networks [2009/09/29 15:08:42 | 000,000,000 | ---D | M]

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Steve & Anita\Application Data\Move Networks\plugins\npqmp071505000010.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Docs = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/12 09:32:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: vetcentric.com ([]https in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.micr...ActiveX/odc.cab (Microsoft PID Sniffer)

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)

O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CE2CB9D-B559-4F0C-AEA9-3F0D829E0F77}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/04/09 18:31:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/21 12:44:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve & Anita\Desktop\OTL.exe

[2013/05/14 12:21:45 | 000,354,299 | ---- | C] (Farbar) -- C:\Documents and Settings\Steve & Anita\Desktop\FSS.exe

[2013/05/14 09:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Application Data\WinPatrol

[2013/05/14 09:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol

[2013/05/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2013/05/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios

[2013/05/14 09:50:04 | 000,906,440 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Steve & Anita\Desktop\wpsetup.exe

[2013/05/14 09:20:19 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2013/05/14 09:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/05/14 07:34:35 | 011,091,432 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\mseinstall.exe

[2013/05/13 10:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/05/13 10:30:57 | 000,000,000 | ---D | C] -- C:\JRT

[2013/05/13 10:20:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Steve & Anita\Desktop\JRT.exe

[2013/05/13 10:20:06 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve & Anita\Desktop\tdsskiller.exe

[2013/05/13 10:19:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Steve & Anita\Desktop\aswMBR.exe

[2013/05/12 21:29:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve & Anita\Desktop\Steve & Anita.exe

[2013/05/12 21:29:17 | 000,000,000 | ---D | C] -- C:\rsit

[2013/05/12 18:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile

[2013/05/12 18:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix

[2013/05/12 09:17:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/05/12 09:17:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/05/12 09:17:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/05/12 09:17:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/05/12 09:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/12 09:14:05 | 005,069,265 | R--- | C] (Swearware) -- C:\Documents and Settings\Steve & Anita\Desktop\Combo-Fix.exe

[2013/05/11 20:22:15 | 000,167,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.f764.deleteme

[2013/05/11 20:20:56 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine

[2013/05/11 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\stinger

[2013/05/11 20:09:08 | 083,811,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\msert.exe

[2013/05/11 20:04:31 | 011,163,168 | ---- | C] (McAfee Inc) -- C:\Documents and Settings\Steve & Anita\Desktop\stinger32.exe

[2013/05/11 18:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\PackageAware

[2013/05/11 14:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Desktop\RK_Quarantine

[2013/05/11 14:22:46 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Steve & Anita\Desktop\rkill.com

[2013/04/28 15:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Application Data\FastStone

[2013/04/28 15:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer

[2013/04/28 15:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Image Viewer

[2013/04/24 10:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\My Documents\Contacts

[2011/12/27 13:36:56 | 069,341,552 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/05/21 12:48:13 | 000,890,825 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SecurityCheck.exe

[2013/05/21 12:45:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/05/21 12:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve & Anita\Desktop\OTL.exe

[2013/05/21 12:34:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/05/21 12:28:26 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/21 12:28:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/05/21 12:24:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/05/21 07:11:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/15 14:15:40 | 001,236,054 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Advanced.bmp

[2013/05/15 14:14:44 | 001,236,054 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Exceptions.bmp

[2013/05/15 13:45:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/05/15 13:41:07 | 000,003,154 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\MSIServer.reg

[2013/05/15 13:40:59 | 000,005,848 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SharedAccess.reg

[2013/05/15 10:46:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/05/15 10:46:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/05/14 17:16:25 | 000,003,658 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\wscsvc.reg

[2013/05/14 17:15:59 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\LEGACY_WSCSVC.reg

[2013/05/14 12:42:05 | 000,561,112 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\My Documents\DPE.DUS

[2013/05/14 12:18:19 | 000,354,299 | ---- | M] (Farbar) -- C:\Documents and Settings\Steve & Anita\Desktop\FSS.exe

[2013/05/14 09:50:11 | 000,906,440 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Steve & Anita\Desktop\wpsetup.exe

[2013/05/14 09:15:54 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2013/05/14 07:48:49 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Microsoft Office Word 2007.lnk

[2013/05/14 07:39:28 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Norton_Removal_Tool.exe

[2013/05/14 07:34:35 | 011,091,432 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\mseinstall.exe

[2013/05/13 10:24:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\MBR.dat

[2013/05/13 10:20:42 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Steve & Anita\Desktop\JRT.exe

[2013/05/13 10:20:16 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve & Anita\Desktop\tdsskiller.exe

[2013/05/13 10:19:42 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Steve & Anita\Desktop\aswMBR.exe

[2013/05/12 21:27:30 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\RSIT.exe

[2013/05/12 18:20:52 | 000,002,690 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.reg

[2013/05/12 18:18:47 | 000,004,382 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.reg

[2013/05/12 18:11:52 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.zip

[2013/05/12 18:11:41 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.zip

[2013/05/12 09:32:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/05/12 09:14:19 | 005,069,265 | R--- | M] (Swearware) -- C:\Documents and Settings\Steve & Anita\Desktop\Combo-Fix.exe

[2013/05/11 23:02:45 | 000,000,168 | RH-- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger.opt

[2013/05/11 22:59:08 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202814.html

[2013/05/11 20:26:54 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202056.html

[2013/05/11 20:22:12 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.f764.deleteme

[2013/05/11 20:17:22 | 000,469,668 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\runtime.dat

[2013/05/11 20:09:13 | 083,811,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\msert.exe

[2013/05/11 20:04:31 | 011,163,168 | ---- | M] (McAfee Inc) -- C:\Documents and Settings\Steve & Anita\Desktop\stinger32.exe

[2013/05/11 18:47:22 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2013/05/11 14:23:50 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\RogueKiller.exe

[2013/05/11 14:22:52 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Steve & Anita\Desktop\rkill.com

[2013/05/11 14:14:48 | 000,773,002 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Contact Prescription 2013.jpg

[2013/05/10 14:32:35 | 002,682,648 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Agreement.jpg

[2013/05/10 14:30:26 | 001,145,803 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Form.jpg

[2013/05/10 11:34:26 | 000,009,223 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\hijackthis log 5-10-13

[2013/05/03 11:22:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/02 08:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2013/05/01 15:13:58 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\My Documents\spider.sav

[2013/04/29 12:50:51 | 000,000,278 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI

[2013/04/29 10:07:27 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Microsoft Office Excel 2007.lnk

[2013/04/28 15:36:29 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk

[2013/04/27 14:21:19 | 000,071,003 | -H-- | M] () -- C:\Documents and Settings\Steve & Anita\My Documents\hpothb07.tif

[2013/04/22 11:49:54 | 000,003,394 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\attachments_2013_04_22.zip

[2013/04/22 09:25:53 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/05/15 14:15:40 | 001,236,054 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Advanced.bmp

[2013/05/15 14:14:44 | 001,236,054 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Exceptions.bmp

[2013/05/15 13:41:06 | 000,003,154 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\MSIServer.reg

[2013/05/15 13:40:55 | 000,005,848 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SharedAccess.reg

[2013/05/15 09:43:41 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

[2013/05/15 09:43:41 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[2013/05/14 17:16:24 | 000,003,658 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\wscsvc.reg

[2013/05/14 17:15:57 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\LEGACY_WSCSVC.reg

[2013/05/14 12:41:59 | 000,561,112 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\My Documents\DPE.DUS

[2013/05/14 09:25:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/05/14 09:15:54 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2013/05/14 09:15:36 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/05/14 07:39:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Norton_Removal_Tool.exe

[2013/05/13 10:24:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\MBR.dat

[2013/05/12 21:27:29 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\RSIT.exe

[2013/05/12 18:24:27 | 000,004,382 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.reg

[2013/05/12 18:24:07 | 000,002,690 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.reg

[2013/05/12 18:11:51 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.zip

[2013/05/12 18:11:40 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.zip

[2013/05/12 09:17:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/05/12 09:17:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/05/12 09:17:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/05/12 09:17:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/05/12 09:17:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/05/11 23:02:45 | 000,000,168 | RH-- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger.opt

[2013/05/11 20:28:14 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202814.html

[2013/05/11 20:20:56 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202056.html

[2013/05/11 20:17:17 | 000,469,668 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\runtime.dat

[2013/05/11 18:47:22 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk

[2013/05/11 14:23:47 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\RogueKiller.exe

[2013/05/11 14:14:48 | 000,773,002 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Contact Prescription 2013.jpg

[2013/05/11 07:52:41 | 000,890,825 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SecurityCheck.exe

[2013/05/10 14:30:26 | 001,145,803 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Form.jpg

[2013/05/10 14:29:45 | 002,682,648 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Agreement.jpg

[2013/05/10 11:34:26 | 000,009,223 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\hijackthis log 5-10-13

[2013/05/03 11:22:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/28 15:36:28 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk

[2013/04/22 11:49:45 | 000,003,394 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\attachments_2013_04_22.zip

[2013/04/12 08:55:32 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2013/04/12 08:55:32 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2013/04/12 08:55:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2012/02/28 19:48:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/03/06 17:14:14 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Application Data\burnaware.ini

[2011/01/03 22:15:25 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini

[2010/10/27 20:27:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/10/27 20:22:43 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/08/07 19:48:43 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\default.pls

[2010/07/04 13:22:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2010/01/07 00:41:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\imageCache8_UNI.db

[2009/12/17 12:28:46 | 012,177,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda

[2009/12/06 13:25:47 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Application Data\DMX.bmk

[2009/12/04 08:41:42 | 000,315,692 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\rx_image.Cache

[2007/03/09 20:39:09 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Application Data\FixVTS.ini

[2007/02/08 20:31:55 | 016,133,564 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\imageCache7.db

[2006/04/14 21:25:15 | 000,335,360 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\audioCache8_UNI.db

[2006/04/11 20:49:42 | 000,003,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/04/10 21:57:23 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/04/09 23:22:30 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/04/09 23:21:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/21 22:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

========== LOP Check ==========

[2012/05/24 21:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\18242

[2013/02/03 21:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2011/03/19 21:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\312FD

[2012/11/08 23:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3AEA

[2007/12/24 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3

[2011/05/15 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2006/06/13 20:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund

[2007/03/22 21:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2013/05/15 15:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2006/11/29 00:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaLife

[2009/05/03 13:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings

[2010/03/20 21:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets

[2010/03/20 21:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2007/02/06 22:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2010/03/20 21:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2013/04/19 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group

[2013/04/16 22:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/12/27 13:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2013/05/11 19:33:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0

[2012/05/24 21:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Ashampoo

[2010/01/12 11:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Auslogics

[2009/11/24 17:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Backup MyPC Deluxe

[2010/03/31 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\ElevatedDiagnostics

[2006/04/09 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\IsolatedStorage

[2007/03/22 21:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Leadertech

[2006/08/16 09:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\MediaLife

[2010/03/20 21:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Simple Star

[2012/07/14 15:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Tific

[2007/02/06 22:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Ulead Systems

[2012/05/23 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\uTorrent

[2013/05/14 09:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\WinPatrol

========== Purity Check ==========

< End of report >

Maurice Naggar · May 22, 2013

For your XP security center service, go to this MS link http://go.microsoft.com/?linkid=9830295

and RUN the FixIt tool

After that is done, provide me an update on the current status of your system. Provide detail on any remaining problem.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

Re-post - PUM.Disabled.SecurityCenter

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information